AUR packages compromised

13 July 2018, 13:57:08

For those not reading [aur-general], three AUR packages were found compromised: acroread, balz and minergate. Details of the malicious actions reveal a build-time fetch and execution of 2 scripts (which affects all users) and the installation of a systemd service and timer (which doesn't affect Artix, obviously). The purpose thereof was to gather system information and post it to a pastebin.Upon closer inspection, the installed script contains a typo which should prevent it from functioning as intended, but let this be a reminder for everyone not to blindly trust user-uploaded content. The good news is this was quickly discovered, reported and fixed.